Re: DHCP relay on PIX 6.3(3)

vlmacko · ‎09-17-2004

Hello,

I have DHCP clients directly behind PIX in VLAN, subinterface on PIX is default gateway for them. On outside interface is configured tunnel to remote location. DHCP server for clients is in remote location. We tried configure DHCP relay on PIX subinterface, but no responce received.

My qustion is: what is source address of DHCP request relaied by PIX ? Because I need build ACL to put it into tunnel ...

Thanks a lot,

Vladimir

nkhawaja · ‎09-18-2004

i dont think there is any IP address yet since client is trying to acquire one from the dhcp

from the documentation

Use network extension mode for DHCP clients whose DHCP server is on the other side of an Easy VPN tunnel. Otherwise, if the DHCP client is behind a PIX Firewall VPN Easy Remote device connected to an Easy VPN Server using client mode, then the DHCP client will not be able to get a DHCP IP address from the DHCP server on the other side of the Easy VPN Server

here is a link for network extension mode

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/networking_solutions_white_paper09186a0080189133.shtml

vlmacko · ‎09-20-2004

Thanks a lot,

I read link you mentioned very carefully, but there are used routers. What should I do if there is used PIX firewall on behalf 806 router ?

How car I configure "network extension mode" on PIX ?

And if I understand your comments well, it is impossible relay DHCP requests if server is on other side of IPSec tunnel and local device is PIX ?

Thanks a lot,

Vladimir

laje · ‎09-20-2004

Interesting!!! As a temporary solution, depending on the number of clients u have behind the PIX, I will reserve IP addresses on the DHCP server and use the PIX as a DHCP server to assign those reserved addresses to clients on the inside interface.Will think about it further and let u know. Good Luck